Filter
Top Products
1-4
C7200 VSA (VPN Services Adapter) Installation and Configuration Guide
OL-9129-02
Chapter 1 Overview
Hardware Required
The VSA provides hardware-accelerated support for multiple encryption functions:
• 128/192/256-bit Advanced Encryption Standard (AES) in hardware
• Data Encryption Standard (DES) standard mode with 56-bit key: Cipher Block Chaining (CBC)
• Performance to 900 Mbps encrypted throughput with 300 byte packets and 1000 tunnels
• 5000 tunnels for DES/3DES/AES
• Secure Hash Algorithm1 (SHA-1) and Message Digest 5 (MD5) hash algorithms
• Rivest, Shamir, Adelman (RSA) public-key algorithm
• Diffie-Hellman Groups 1, 2 and 5
Hardware Required
The hardware required to ensure proper operation of the C7200 VSA is as follows:
• The C7200 VSA is compatible with the Cisco NPE-G2 processor on the Cisco 7204VXR or Cisco
7206VXR routers.
• ROMmon requirement—12.4(4r)XD5
• I/O FPGA requirement—0x25 (decimal 0.37)
• VSA FPGA requirement—0x13 (decimal 0.19)
Features
This section describes the VSA features, as listed in Table 1-1.
1 Host IO Bus and PCI-X Bus 2 Power supply
Table 1-1 VSA Features
Feature Description/Benefit
Throughput
1
1. As measured with IPSec 3DES HMAC-SHA1 on 1400 byte packets.
Performance to 900 Mbps encrypted throughput using 3DES
or AES on the Cisco 7204VXR and Cisco 7206VXR routers
Number of IPSec protected tunnels
2
Up to 5000 tunnels
3
Number of tunnels per second Note: will update after further testing
Hardware-based encryption Data protection: IPSec DES, 3DES, and AES
Authentication: RSA and Diffie-Hellman
Data integrity: SHA-1 and Message Digest 5 (MD5)
VPN tunneling IPsec tunnel mode; Generic Routing Encapsulation (GRE) and
Layer 2 Tunneling Protocol (L2TP) protected by IPSec
Minimum Cisco IOS software release
supported
12.4(4)XD3 fc2 or later release of 12.4XD
12.4(11)T or later release of 12.4T
Standards supported IPSec/IKE: RFCs 2401-2411, 2451